Today’s Voting Machines Story

What if I told you that it would take only one person—one highly motivated, but only moderately skilled bad apple, with either authorized or unauthorized access to the right company’s internal computer network—to steal a statewide election?
[. . .] Thanks the recent and rapid adoption of direct-recording electronic (DRE) voting machines in states and counties across America, the two scenarios that I just outlined have now become siblings (perhaps even fraternal twins) in the same large, unhappy family of information security (infosec) challenges. Our national election infrastructure is now largely an information technology infrastructure, so the problem of keeping our elections free of vote fraud is now an information security problem. If you’ve been keeping track of the news in the past few years, with its weekly litany of high-profile breeches in public- and private-sector networks, then you know how well we’re (not) doing on the infosec front.

The article goes into technical detail on how to accomplish the theft of an election. But then,

Finally, it’s extremely important to note that, in the absence of a meaningful audit trail, like that provided by voter-verified paper receipts, it is virtually impossible to tell machine malfunction from deliberate vandalism. Pioneering election security researcher Rebecca Mercuri has told me that she’s actually much more concerned about “disenfranchisement of voters due to the strategic denial-of-service that currently masquerades as malfunctions,” than she is about “manipulation of election equipment and data files in order to alter election outcomes, although both remain problematic.”
When you have a rash of voting machines that have their memories wiped, their votes erased, or their number of votes mysteriously inflated; when you have reports of machines that crash or refuse to respond; when many machines record a vote for the wrong candidate—all of this could just as plausibly be construed as evidence of fraud as it could be of spontaneous malfunction, because there’s simply no way to tell the difference in most cases.

And, toward the end,

In conclusion, let me summarize what I hope you’ll take home with you after reading this article and thinking about its contents:
* Bits and bytes are made to be manipulated; by turning votes into bits and bytes, we’ve made them orders of magnitude easier to manipulate during and after an election.
* By rushing to merge our nation’s election infrastructure with our computing infrastructure, we have prematurely brought the fairly old and well-understood field of election security under the rubric of the new, rapidly evolving field of information security.
* In order to have confidence in the results of a paperless DRE-based election, you must first have confidence in the personnel and security practices at these institutions: the board of elections, the DRE vendor, and third-party software vendor whose product is used on the DRE.
* In the absence of the ability to conduct a meaningful audit, there is no discernable difference between DRE malfunction and deliberate tampering (either for the purpose of disenfranchisement or altering the vote record).

The basic reason is that customers of Diebold ATMs have a major interest in reliable machines. Also, ATMs produce paper receipts. My small experience in talking with voting officials about the unreliability of the voting machines is that they don’t even hear what I say.